vuln-list-alt/oval/p9/ALT-PU-2023-8425/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20238425",
      "Version": "oval:org.altlinux.errata:def:20238425",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2023-8425: package `v4l2loopback` update to version 0.12.7-alt1.g5e9dd41",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p9"
            ],
            "Products": [
              "ALT Server",
              "ALT Virtualization Server",
              "ALT Workstation",
              "ALT Workstation K",
              "ALT Education",
              "Simply Linux",
              "Starterkit"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2023-8425",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2023-8425",
            "Source": "ALTPU"
          },
          {
            "RefID": "CVE-2022-2652",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-2652",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades v4l2loopback to version 0.12.7-alt1.g5e9dd41. \nSecurity Fix(es):\n\n * CVE-2022-2652: Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Low",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2024-04-08"
          },
          "Updated": {
            "Date": "2024-04-08"
          },
          "BDUs": null,
          "CVEs": [
            {
              "ID": "CVE-2022-2652",
              "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-2652",
              "Impact": "Low",
              "Public": "20220804"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:kworkstation:9",
              "cpe:/o:alt:workstation:9",
              "cpe:/o:alt:server:9",
              "cpe:/o:alt:server-v:9",
              "cpe:/o:alt:education:9",
              "cpe:/o:alt:slinux:9",
              "cpe:/o:alt:starterkit:p9"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:1001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20238425001",
                "Comment": "kernel-source-v4l2loopback is earlier than 0:0.12.7-alt1.g5e9dd41"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20238425002",
                "Comment": "v4l2loopback-utils is earlier than 0:0.12.7-alt1.g5e9dd41"
              }
            ]
          }
        ]
      }
    }
  ]
}